{"report_id":"e32bfdd8-2741-450e-b528-25ea06e4629c","version":6,"status":"done","tags":[],"date":"2026-05-18T11:46:15Z","url":{"schema":"http","addr":"bitethir.icu","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"172.67.131.89","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"bitethir.icu/","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"title":"Document","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bitethir.icu","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"172.67.131.89","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-22T11:46:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-18T11:45:51Z","timestamp":1779104751,"ip_dst":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":50538,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-05-18T11:45:51.624517+0000\",\"flow_id\":2046753711807826,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":50538,\"dest_ip\":\"188.114.96.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"bitethir.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2026-05-18T11:45:51.613714+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"bitethir.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"bitethir.icu","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-08","domain_rank":0,"first_seen":"2026-05-18T11:46:15.813088Z","last_seen":"2026-05-18T11:46:15.813088Z","alert_count":5,"request_count":5,"received_data":3503886,"sent_data":2345,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bitethir.icu/","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"5889e05854449d0d6df055c1f58cef24","sha1":"a2f74b92d2717b05f66c1acb841655bdd94679f2","sha256":"402560a8ceb2931b3cacf416b53b09fd1d836cb7e00214a02f62baf21d05466b","sha512":"9a82d873d01fd0fc75250886ace1219ec692f2ef65be345a4c4d63f1b43638b38d25de1f2df77cdeb68344145f69af5c063d34173c97993206eb591edd0c8bb8","ssdeep":"768:Topzbc50Bwu7v/RnlkZXrPbQxdr3KpzqpYcMyKSW9ubi5c6PcKmHCcq1/rTJcG2U:+Bv7h2ZXrPb6d+IdLwTdfhF/W8P","tlshash":"1d7371d5a90be0e58e5221ddd477e805e4680a23cdacf1a3ba6cddd1b41df22c48723b","size":77062,"data":"","first_seen":"2026-05-12T22:00:59.673412Z","last_seen":"2026-05-18T11:47:07.636454Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitethir.icu/ultramodule-1.0.6.js","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb2eccc25feaed314fcf2238a83e7762","sha1":"11189e17427b626a85188f0c691e5002dd2344e8","sha256":"a6a6fd7dc4293b0db1965f807d943660a7921f105f23c564c33f7ce866056b97","sha512":"4a0ea924d6006bdd353504dfbc3f25255ba47b8f1790656993fd2dd83ed8b0151525e96eb0cbb7f867d38357124a7d17062ea9598a73531a29a82744d5e3fc0f","ssdeep":"768:uYVz7cPABw+LHxM3zZ7CG0EBx1eh+jcx0cAjcGuW9ubi5LQ6LckmJCcq1frtJcKo:dBZHi3zV5Bx1eBwcfOfLxRLr/WAHa","tlshash":"fe7360d6a80be0d58e5560ddc477ec09e4680a63cdacf093ba6cddd5b41ef62848723b","size":79899,"data":"","first_seen":"2026-05-12T22:00:59.67161Z","last_seen":"2026-05-18T11:47:07.635321Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bitethir.icu/secureproxy.php?e=jscdn/getFile","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bitethir.icu/","date":"2026-05-18T11:45:53.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitethir.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 10:02:27 GMT","end":"Thu, 06 Aug 2026 10:02:26 GMT"},"fingerprint":{"sha1":"AB:F0:EE:E9:47:25:61:4B:5E:7C:CA:49:C9:EF:1A:E9:62:30:D5:82","sha256":"A7:02:8E:59:43:18:AC:B7:D7:D1:9E:39:63:B3:1E:CC:FB:5A:CF:A8:61:E9:AC:C1:9C:C7:7A:58:4C:56:93:56"}}},"request":{"raw":"POST /secureproxy.php?e=jscdn/getFile HTTP/1.1\r\nHost: bitethir.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bitethir.icu/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://bitethir.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"n596asrq8yd09lls9m0z\"}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 18 May 2026 11:45:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, HEAD, POST, OPTIONS\r\naccess-control-allow-headers: *\r\naccess-control-max-age: 3600\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CCVS6m9ckeRAdb4ZpJUw0lWqfem9AaTHU4kFrBm%2B%2BKjFxbF6jNhCrxdQVcgkcLZD%2F%2FDGB8Qxigb8UX4gbMZCjDVsSA92O9M4zyHnZT2P%2BW2%2Bjx4PuZS6H9nD9OWrdeg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fda9e428933b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3419654,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e12d40137982f05ae285a1b85ebdfcc3","sha1":"8266ca0dc64193c6d300ca247759da75d49f86a8","sha256":"bfe0796b820fa3bf5294f2e968139890628a7eb4f94d0a85441cb00aa2d81793","sha512":"c9f2eaa8f64952dde5f723f7af3af1cbbf2dde6183f9e67723ac4fedc7b87220b3fa4734dd89164c2c470687d73d6d0370c8946c601e8895fd5ac71c4f75f915","ssdeep":"24576:w9jV8/8Yae0PgGswPpBroS7InwbjtsJshJuEbdb3T:wh7OwPEZJsR","tlshash":"952523506d97e86b4b4c6bb6a8f76e0265814f8349cc50cfe922ddc012f877681dea4f","first_seen":"2026-05-18T11:46:27.725233Z","last_seen":"2026-05-18T11:47:07.630943Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1249,"receive":1978,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"bitethir.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitethir.icu/","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-18T11:45:51.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitethir.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 10:02:27 GMT","end":"Thu, 06 Aug 2026 10:02:26 GMT"},"fingerprint":{"sha1":"AB:F0:EE:E9:47:25:61:4B:5E:7C:CA:49:C9:EF:1A:E9:62:30:D5:82","sha256":"A7:02:8E:59:43:18:AC:B7:D7:D1:9E:39:63:B3:1E:CC:FB:5A:CF:A8:61:E9:AC:C1:9C:C7:7A:58:4C:56:93:56"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bitethir.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 18 May 2026 11:45:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 08 May 2026 11:02:37 GMT\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sE6L6tshT2ROXaNlRgT8v3243BY9IxuEqNZG4kQs1Oj8YG5qfRZuLELi0X9YXCBpLe3F1qExj2aGHrlq0F6iZ%2FFGNtSUQLNKJFe5RNVgLdkcXvwYte2D0N7zv%2BVtpdI%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9fda9e39beb756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":422,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"6d389e368497215c6370a8f55e2272f5","sha1":"3d45f601e86ff9f052a6a0ad05cb65cd5d0f9db2","sha256":"d3f8b9f946f59f11da342eb8b1fce1dcc2dcc587ae8cd62b400a17035efb4c73","sha512":"32f0e7a8a2e02dc608a9d4ff18992f9c6a655316c8c5f614fc1a5f6e5ee65525e3b1a1d7fe3bec8d8e507c1efd4efc5ea8f9916f05afc6b02ef25f2b9d23216e","ssdeep":"","tlshash":"09e022a188c28c080230495449d3f008fd8aa087a2c8ad047ade21bb1fe7a44889b2a6","first_seen":"2026-05-18T11:46:27.726656Z","last_seen":"2026-05-18T11:47:07.633382Z","times_seen":2,"resource_available":true,"data":null}},"time_used":361,"timings":{"blocked":75,"dns":56,"connect":1,"send":0,"wait":211,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"bitethir.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitethir.icu/ultramodule-1.0.6.js","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitethir.icu/","date":"2026-05-18T11:45:51.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitethir.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 10:02:27 GMT","end":"Thu, 06 Aug 2026 10:02:26 GMT"},"fingerprint":{"sha1":"AB:F0:EE:E9:47:25:61:4B:5E:7C:CA:49:C9:EF:1A:E9:62:30:D5:82","sha256":"A7:02:8E:59:43:18:AC:B7:D7:D1:9E:39:63:B3:1E:CC:FB:5A:CF:A8:61:E9:AC:C1:9C:C7:7A:58:4C:56:93:56"}}},"request":{"raw":"GET /ultramodule-1.0.6.js HTTP/1.1\r\nHost: bitethir.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitethir.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 18 May 2026 11:45:52 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Fri, 08 May 2026 11:02:37 GMT\r\npriority: u=2,i=?0\r\netag: W/\"69fdc2cd-1381b\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yp%2F9N5N42nbaBwgZ%2F4Bd2FuuSPGT3H8fLRmfKVMWlwXuNOWeQ3py%2BSVsbUN3jMPaI1DA1DeoDWUQKLMKD%2Foe%2Bv5BSCqT7KijbLifaitNBMw5tjOD%2F0buLOlE0bNrHJY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fda9e3bf97db1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":79899,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"eb2eccc25feaed314fcf2238a83e7762","sha1":"11189e17427b626a85188f0c691e5002dd2344e8","sha256":"a6a6fd7dc4293b0db1965f807d943660a7921f105f23c564c33f7ce866056b97","sha512":"4a0ea924d6006bdd353504dfbc3f25255ba47b8f1790656993fd2dd83ed8b0151525e96eb0cbb7f867d38357124a7d17062ea9598a73531a29a82744d5e3fc0f","ssdeep":"768:uYVz7cPABw+LHxM3zZ7CG0EBx1eh+jcx0cAjcGuW9ubi5LQ6LckmJCcq1frtJcKo:dBZHi3zV5Bx1eBwcfOfLxRLr/WAHa","tlshash":"fe7360d6a80be0d58e5560ddc477ec09e4680a63cdacf093ba6cddd5b41ef62848723b","first_seen":"2026-05-12T22:00:59.67161Z","last_seen":"2026-05-18T11:47:07.635321Z","times_seen":4,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":388,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"bitethir.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitethir.icu/favicon.ico","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bitethir.icu/","date":"2026-05-18T11:45:52.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitethir.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 10:02:27 GMT","end":"Thu, 06 Aug 2026 10:02:26 GMT"},"fingerprint":{"sha1":"AB:F0:EE:E9:47:25:61:4B:5E:7C:CA:49:C9:EF:1A:E9:62:30:D5:82","sha256":"A7:02:8E:59:43:18:AC:B7:D7:D1:9E:39:63:B3:1E:CC:FB:5A:CF:A8:61:E9:AC:C1:9C:C7:7A:58:4C:56:93:56"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bitethir.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitethir.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 18 May 2026 11:45:53 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kEhZ6Imv5D3lpBrgYEMWW8SZ5dVWKPexHZWUVKJhddt2T4MjAEfjTuvKmtw64WXbEkksYtE33CZ2Ok%2B1kzyYX%2FPeFX5klGG4w15Vulvf2Fvn9EMmkhJHyCxQ0LNhreg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9fda9e3f5d42b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"37d58730d6eb6ff3ec70fbbdda37e5f8","sha1":"6ed42a3f3687a3bafebb122a84fea699d8d1798e","sha256":"d85ae147a0d9ea86574c8352040c0fdfdb7db6a7d974ef2caa5ee86da1005068","sha512":"961086c1016f3844d7088c6abc09f7f029beca6cd24fbd2bc3752ddeab179546b5cd02706267573c1434474e1dd510cd262227939e0eaba720b4ff212ad67698","ssdeep":"","tlshash":"0ad02bef508363874812149039c125d2278d22faa43a85ac2dcad4cb529853ecedaa99","first_seen":"2026-05-18T11:46:27.729212Z","last_seen":"2026-05-18T11:47:07.62842Z","times_seen":2,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":474,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"bitethir.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitethir.icu/secureproxy?e=jscdn/getFile","fqdn":"bitethir.icu","domain":"bitethir.icu","tld":"icu"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bitethir.icu/","date":"2026-05-18T11:45:52.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitethir.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 08 May 2026 10:02:27 GMT","end":"Thu, 06 Aug 2026 10:02:26 GMT"},"fingerprint":{"sha1":"AB:F0:EE:E9:47:25:61:4B:5E:7C:CA:49:C9:EF:1A:E9:62:30:D5:82","sha256":"A7:02:8E:59:43:18:AC:B7:D7:D1:9E:39:63:B3:1E:CC:FB:5A:CF:A8:61:E9:AC:C1:9C:C7:7A:58:4C:56:93:56"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: bitethir.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bitethir.icu/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://bitethir.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"n596asrq8yd09lls9m0z\"}"}},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 18 May 2026 11:45:53 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zu7TirBrH3%2Bhb2R22xxD3xBIMKl9R91sE6fML2%2BjYiPGo89ROSRp2QdUxZKjaiC5iv67Sh31psQzF1kikQNuo5MOVMFzrtko%2BZpZ%2B6PExKijbj1ubu4hMIiuAnPQdkw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9fda9e3fae8ab1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":275,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"37d58730d6eb6ff3ec70fbbdda37e5f8","sha1":"6ed42a3f3687a3bafebb122a84fea699d8d1798e","sha256":"d85ae147a0d9ea86574c8352040c0fdfdb7db6a7d974ef2caa5ee86da1005068","sha512":"961086c1016f3844d7088c6abc09f7f029beca6cd24fbd2bc3752ddeab179546b5cd02706267573c1434474e1dd510cd262227939e0eaba720b4ff212ad67698","ssdeep":"","tlshash":"0ad02bef508363874812149039c125d2278d22faa43a85ac2dcad4cb529853ecedaa99","first_seen":"2026-05-18T11:46:27.729212Z","last_seen":"2026-05-18T11:47:07.62842Z","times_seen":2,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-18","alert":"Sinkholed","trigger":"bitethir.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}